Top 5 Must-Know Phishing Simulation Templates - May Edition

Phishing templates and awareness campaigns are essential in preventing cyber threats. Templates test susceptibility, and campaigns educate on identification. Together they create a strong defense and promote cybersecurity awareness.  Using a complete security awareness training and phishing simulation solution like Wizer's, can give your program a boost in a stronger security mindset, strengthening your security culture.

Welcome to the May Edition of our monthly series featuring 5 Phishing Simulation Templates - brought to you by the Wizer Phishing team. 

Dodging Disruptions

Phishing Template_Stripe

No matter what kind of service we use, it always requires some level of management. This could involve controlling who has admin access or making sure that we carry out the tasks requested by the service to ensure its smooth operation.

Let’s take this email from Stripe. It doesn't announce that a large sum has been withdrawn from the account or that there has been a suspicious login; it merely states that one of the essential functions of the financial service is temporarily unavailable. It's like having a piggy bank with a sealed coin slot that needs to be fixed as soon as possible.

The phrasing of the call-to-action in this email is typical for finance-related notifications. Often, temporary restrictions are put in place to prevent fraud while the service verifies some details. This email leverages the fact that it would be difficult to resist lifting the restrictions, making it hard to ignore or put off until after the weekend.

The key takeaway here is that services that deal with money are highly valuable to cybercriminals. Therefore, it's essential to exercise extra caution when handling all notifications related to financial services.


Password Purgatory

Phishing Template IT Team

Passwords serve as the keys to our digital kingdoms, and are subject to frequent changes in policies that guide their creation and usage. Consequently, a change in a password policy is no longer an improbable event, but an expected part of digital work life where IT professionals hold the knowledge of what's best for both the organization and its employees.

However, policy updates that require acknowledgment have a wide audience, making them an ideal target for cybercriminals. This is a crucial lesson that your colleagues should take from this - or any other policy update email - that they are extremely popular with scammers. As a result, it's essential to exercise extra caution when receiving such emails.

Yet, security professionals need to balance the need for caution with the importance of delivering their instructions effectively. If every email is to be treated as a potential threat, it becomes as useful as bolding and underlining every word in a paragraph. Instead, by highlighting the most likely threats and encouraging a few extra seconds of checks, users can remain vigilant when it matters the most.

Educate your employees how to identify and avoid phishing attacks with Wizer Boost.

Clear out Curiosity

Phishing Template Example from Reception Admin

We may not like to think of ourselves as nosy, but most of us would probably admit to being curious. Cyber criminals often exploit this trait by using phishing emails that pique our interest. However, fear, worry, and joy are not the only emotions they try to instill in us.

In many ways, this phishing simulation template is a classic curiosity trigger, and there are other factors that could prompt us to click as well.

The first line sets the stage: office spaces have been cleared out, resulting in a collection of items whose owners are unknown. At this point, you may start to wonder if you've lost or left something in a conference room.

Even if we're certain we haven't misplaced anything, there's always a small part of us that's open to the possibility of being wrong.

Then the email taps into that part of us by asking, "Do you recognize anything of yours in the picture?" Suddenly, there's a seemingly easy way to find out for sure that nothing of ours is lost forever or claimed by someone else. And clicking is so effortless, right?

The final layer of this email is the suggestion that "you might not want to be reunited" with some of the items found. It's intriguing to wonder what those items could be that someone would prefer not to claim. Call it nosy or curious, but I think it's another reason why I may find myself clicking - to satisfy my need to check if I've lost anything and to see what my colleagues have left hiding around the offices.


Renewal Rethink

Phishing Template Example from Adobe Acrobat Renewals

Managing trial subscriptions can be complicated. It's a big commitment to click that "activate" button for an enticing 7-day trial. As your finger hovers over the button, you may be mentally mapping out the final days of the trial. Should I set a reminder, or trust that the fear of it becoming another monthly payment will keep it in the forefront of my mind?

We may be exaggerating a bit, but there's no denying that subscriptions and renewals have a reputation for catching people out. It can seem like stopping a subscription is much harder than starting it.

This workplace phishing email simulates a premium version of Acrobat Reader, a tool that many of us use to open PDFs. If it were a fitness app or an unrelated tool, it would be relevant to far fewer people.

The reality is that the recipient hasn't subscribed to Acrobat Reader, and that's what makes this phishing template a valuable learning experience. Because we tend to assume that official-looking emails are genuine, we may assume that something legitimate has triggered them. We're drawn towards a solution that can resolve the problem and stop the mental interruption.

For some, clicking to cancel seems inevitable. It's human nature to seek a solution to a problem, and by understanding why we act, we can start to question the authenticity of emails with a clearer mind.


Team Player

Phishing Template Example Microsoft Teams

Ms Teams is an online office where you can connect with colleagues beyond instant messaging. Therefore, we're often guided by its notifications, which nudge and remind us to be prepared and on time.

Even the most organized person in the world can get caught off guard by a time change or a missed invite. But we're accustomed to quickly fixing these issues. If we receive a tap on the shoulder, even in the form of an email, we know it's best to join now and question why we missed it later.

This phishing simulation template is not much different from a genuine notification, and Microsoft's user experience team has kept it simple and to the point. It has a straightforward request: "Join your Teams meeting." Instantly, our brains know what to do.

Check out more 1-minute security awareness training videos

Below that request is the next layer of the story. It again asks you to join and even addresses you by name. It also alleviates the worry we all have when joining a meeting: "How meeting ready am I?!" While this section has only 13 words, each one is designed to encourage you to trust the notification and not worry about being late.

There is much that's very ordinary about emails like this, which is why we go into autopilot when we see them. By learning more about why they're so effective in a controlled environment, we can begin to be more vigilant in our inboxes.

📥Download these Phishing Templates to use in a security awareness training session

That's it for this month's phishing template ideas - looking for more ideas for phishing templates? Check out the resources below ⬇️  And check back next month for more!

Past  Phishing Templates:

Top 5 Must-Know Phishing Simulation Templates - April Edition

Top 5 Must-Know Phishing Simulation Templates - March Edition

Top 5 Must-Know Phishing Simulation Templates - February Edition